All Products
Search

This Product

    Domain Names:Domain name security

    Document Center

    Domain Names:Domain name security

    Last Updated:Dec 23, 2025

    Threats like domain hijacking, unauthorized transfers, and DNS tampering can lead to service interruptions, data leakage, brand damage, and financial loss. Alibaba Cloud provides a multi-layer defense system that protects your domain names at the account, registrar, and DNS layers. This system offers flexible configurations for a wide range of security needs, from basic protection to enterprise-grade security.

    This topic provides an overview of the available security features to help you choose the right protections for your business needs. For detailed configuration instructions, see the documentation for each feature.

    Key security features

    Protection layer

    Security feature

    Description

    Cost

    Account

    MFA

    Prevents unauthorized account access by requiring a second factor of authentication in addition to a username and password.

    Free

    Registrar

    Transfer lock

    Prevents unauthorized transfers of the domain name to another registrar.

    Free

    Update lock

    Prevents unauthorized changes to critical domain name settings, such as contact information and name servers.

    Free

    DNS

    DNSSEC

    Protects against DNS hijacking and cache poisoning by cryptographically signing your DNS records, ensuring users are directed to the authentic server for your domain name.

    Paid

    Recommended protection matrix

    Use the following recommendations to configure security settings based on your business scenario.

    User type

    Use case

    Recommended protection matrix

    Individual developer or blogger
    (Manages a personal domain name for a blog, portfolio, or test project)

    - The domain name is used primarily for display or learning purposes.
    - You do not log on to the console frequently.
    - You are concerned about losing the domain name because of a forgotten renewal or account theft.
    - You may use a weak password or a shared email address for logon.

    MFA + Transfer lock

    Small and medium-sized enterprise (SME) operator
    (Manages online portals like the company website, apps, mini-programs, or e-commerce platforms)

    - The website is online and serves external users.
    - The DNS configuration is stable and is not changed frequently.
    - You are aware of other websites being hijacked and redirected to ad pages, and are concerned about similar risks.
    - The account is managed by multiple people, which raises concerns about accidental operations or inadequate permission control.

    MFA + Transfer lock + Update lock

    Enterprise IT/pperations lead
    (Manages the primary brand domain name, core business systems, or high-traffic platforms)

    - The primary domain name hosts logon systems, payment pages, or member services.
    - A service breakdown would significantly impact users and revenue.
    - The domain name is a target for attacks or is subject to high-level protection requirements from industry regulations.
    - You require the highest level of security, where the domain name cannot be operated on even if the account is compromised.

    MFA + Transfer lock + Update lock + DNSSEC

    Overview of protection features

    Multi-factor authentication (MFA)

    MFA is a security best practice that adds a second layer of protection to your account beyond your username and password.

    After you enable MFA, you must complete the following two steps to log on to Alibaba Cloud:

    1. First factor: Enter your username and password.

    2. Second factor: Provide a temporary, one-time code from an MFA device, such as a 6-digit code generated by a virtual MFA application.

    Even if an unauthorized party obtains your password, they cannot access your account without your MFA device. For more information, see Configure MFA for your account.

    Transfer lock

    This feature sets the domain name's status to clientTransferProhibited at the registrar level, which prevents unauthorized transfers of your domain name away from Alibaba Cloud.

    Note

    To transfer a domain name, you must first disable this lock to obtain an authorization code.

    For more information about how to enable the transfer lock, see Lock a domain name to prevent unauthorized transfer.

    Update lock

    When enabled, this lock prevents unauthorized changes to critical domain name information, including contact details and name servers. This feature is supported for domain names with TLDs such as .com.net.org.info.biz.mobi.asia.me.so.cc.tv.name, and .cn.

    For more information about how to enable the update lock, see Lock a domain name to prevent information update.

    DNSSEC

    Domain Name System Security Extensions (DNSSEC) helps prevent DNS hijacking and cache poisoning attacks by adding a layer of cryptographic verification to your DNS records. This process ensures that when users access your domain name, they are connected to the authentic server. For more information, see Configure DNSSEC.